Security Advisory

CVE-2025-40980

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-31 09:46:07

Last updated 2025-07-31 13:24:58

Assigner INCIBE

State PUBLISHED

Description

A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookies details.

← Browse all CVEs View on cve.org ↗